Files @ 9b74296e6af6
Branch filter:

Location: kallithea/docs/api/models.rst - annotation

9b74296e6af6 632 B text/prs.fallenstein.rst Show Source Show as Raw Download as Raw
Søren Løvborg
auth: further sanitize requests to prevent GET CSRF (CVE-2016-3691)

Routes allows GET requests to override the HTTP method, which breaks
the Kallithea CSRF protection (which only applies to POST requests).

This commit blocks such GET request, preventing CSRF attacks.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
64a5386216c5
bb35ad076e2f
17c9393e9645
22a3fa3c4254
bb35ad076e2f
bb35ad076e2f
7e5f8c12a3fc
bb35ad076e2f
8b8edfc25856
7e5f8c12a3fc
9da24750f563
8b8edfc25856
7e5f8c12a3fc
8b8edfc25856
9da24750f563
7e5f8c12a3fc
bb35ad076e2f
9da24750f563
7e5f8c12a3fc
8b8edfc25856
9da24750f563
7e5f8c12a3fc
8b8edfc25856
bb35ad076e2f
499c513967a1
9da24750f563
8b8edfc25856
7e5f8c12a3fc
bb35ad076e2f
8b8edfc25856
7e5f8c12a3fc
8b8edfc25856
8b8edfc25856
499c513967a1
8b8edfc25856

.. _models:

========================
The :mod:`models` module
========================

.. automodule:: kallithea.model
   :members:

.. automodule:: kallithea.model.comment
   :members:

.. automodule:: kallithea.model.notification
   :members:

.. automodule:: kallithea.model.permission
   :members:

.. automodule:: kallithea.model.repo_permission
   :members:

.. automodule:: kallithea.model.repo
   :members:

.. automodule:: kallithea.model.repo_group
   :members:

.. automodule:: kallithea.model.scm
   :members:

.. automodule:: kallithea.model.user
   :members:

.. automodule:: kallithea.model.user_group
   :members:
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.